Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency graph produces SBOMs #626

Closed
github-product-roadmap opened this issue Jan 25, 2023 · 2 comments
Closed

Dependency graph produces SBOMs #626

github-product-roadmap opened this issue Jan 25, 2023 · 2 comments
Labels
all Product SKU: All cloud Available on Cloud ga Feature phase: Generally available server Available on Server shipped Shipped

Comments

@github-product-roadmap
Copy link
Collaborator

Summary

Developers can export their dependency graph as a Software Bill of Materials (SBOM), a formal, machine-readable inventory of their dependencies and associated information (versions, licenses, etc).

Intended Outcome

SBOMs are required for companies that provide software to the US federal government per Executive Order 14028. SBOMs also make auditing easier and helps companies comply with their organisation's regulatory and legal requirements.

How will it work?

Developers will be able to visit their repository's dependency graph page and export the current state of their dependency graph as a JSON file using an industry standard format like SPDX. Developers will also be able to retrieve the SBOM from their repository using an API.
@github github locked and limited conversation to collaborators Jan 25, 2023
@github-product-roadmap github-product-roadmap added all Product SKU: All cloud Available on Cloud ga Feature phase: Generally available GHES 3.9 server Available on Server labels Jan 25, 2023
@ankneis
Copy link
Collaborator

ankneis commented Mar 29, 2023

🚢 This has shipped to dotcom: https://github.blog/changelog/2023-03-28-generate-an-sbom-from-the-dependency-graph.

Leaving open to track for GHES release.

@ankneis ankneis added the shipped Shipped label Mar 29, 2023
@ankneis
Copy link
Collaborator

ankneis commented Jul 6, 2023

🚢 This has shipped with GHES 3.9: https://docs.github.com/en/enterprise-server@3.9/admin/release-notes. Closing as complete.

@ankneis ankneis closed this as completed Jul 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
all Product SKU: All cloud Available on Cloud ga Feature phase: Generally available server Available on Server shipped Shipped
Projects
📣 GitHub public roadmap - updates coming Nov 2024 📣
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@github-product-roadmap @ankneis